Daily Cyber & AI Briefing with Michael Housch. This episode was published automatically and includes the assembled audio plus full transcript. TranscriptToday’s cyber and AI risk environment is evolving at a pace that challenges even the most prepared organizations. We’re seeing a surge in both technical exploits and governance dilemmas, with multiple zero-day vulnerabilities under active attack and a wave of high-profile breaches making headlines. At the same time, the rapid integration of artificial intelligence into enterprise and physical security systems is creating new opportunities—but also introducing new risks. Global regulators and industry leaders are emphasizing the need for stronger governance, more robust identity controls, and, crucially, human oversight. Let’s start with the most urgent technical threat on the radar: the Ivanti Endpoint Manager Mobile, or EPMM, zero-day vulnerability. The Cybersecurity and Infrastructure Security Agency, CISA, has issued an emergency directive requiring all federal agencies to patch this critical flaw—tracked as CVE-2026-6973—within just four days. This is a direct response to reports of active exploitation in the wild, where attackers are leveraging the vulnerability to gain unauthorized access to sensitive systems. The urgency of CISA’s directive highlights a broader truth: rapid vulnerability management isn’t just a best practice, it’s now a baseline requirement for resilience. If you’re in the private sector, don’t assume this is just a government problem. Ivanti’s EPMM is widely deployed across industries, and attackers are opportunistic. Security leaders need to assess their organization’s exposure immediately, prioritize patching, and accelerate patch cycles. Delays in remediation can open the door to lateral movement, data exfiltration, and even ransomware. The lesson here is clear: in today’s environment, the window between vulnerability disclosure and exploitation is shrinking. Organizations that can’t keep up with rapid patching are at heightened risk. Now, let’s turn to the Trellix breach, which underscores a different but equally significant risk: the security of security vendors themselves. The ransomware group RansomHouse claims to have breached Trellix and accessed portions of the company’s source code. This is a sobering reminder that even the companies building the tools we rely on for defense are not immune to compromise. When a security vendor is breached, the downstream risk extends to every customer using their products. Exposure of source code can facilitate further exploits, enable attackers to identify new vulnerabilities, or even launch supply chain attacks. For CISOs and security teams, this means monitoring for vendor advisories is critical. Don’t just assume your tools are safe because they come from a reputable provider. Consider additional controls around third-party software, and be ready to respond quickly if your vendors are affected. Supply chain security is no longer a theoretical risk—it’s an operational reality. Moving to cloud and container environments, we’re seeing a new wave of sophisticated malware campaigns. A modular remote access trojan, or RAT, is currently targeting cloud credentials and capturing screenshots, while the PCPJack worm is actively going after Docker, Kubernetes, Redis, and MongoDB deployments, stealing credentials wherever it can. These attacks highlight a growing trend: adversaries are getting smarter about targeting cloud-native and containerized environments, which often have complex configurations and, sometimes, overlooked security gaps. If your organization relies on these platforms, it’s time to review your segmentation strategies, credential management policies, and monitoring capabilities. Segmentation can limit the blast radius of an attack, strong credential management reduces the risk of compromise, and robust monitoring helps detect anomalous acti
